Mexico Investigates Suspected Cyberattacks Against 5 Banks

Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. The full scope of the incidents, however, remains fuzzy.

The losses could be as high as 400 million pesos ($20 million), although much remains unknown, Mexican media outlet El Financiero reported on Monday.

Fraudsters created money transfer orders, wiring the money to other accounts and then withdrawing it, Reuters reports. Investigators are attempting to determine whether fraudsters may have had inside help because large cash withdrawals are rare, it reports, adding that Banorte, the country's second-largest bank, was among those targeted.

Mexico's central bank, Banco de México - abbreviated as Banxico - is investigating five banks whose connections to its electronic payment system were compromised, Bloomberg reports. The central bank's head of operations, Lorenza Martinez, tells Bloomberg that the vulnerability in the connections allowed money to be withdrawn from bogus accounts at the bank.

Efforts to reach Banxico and several other banks weren't immediately successful.

Slower Transactions

The first hiccups at Mexican banks appeared in late April. Banxico on April 27 warned of issues among banks that use Mexico's Interbank Electronic Payments, known as SPEI. The system, which is accessible to consumers, allows for interbank transfers between accounts at different domestic banks, with transactions completing in just seconds.

On April 30, Banxico warned that the issues could be slowing down SPEI payments. But it assured the public that the integrity of the system had not been compromised and that SPEI "continues to operate normally and safely."

Nonetheless, Banxico encouraged banks to use a back-up interbank transfer system rather than SPEI. Three banks moved to the alternative transfer system, changing over to the central bank's settlement system, the Associated Press reported.

Banxico reported that it detected security incidents at three banks on April 27; the Associated Press reported that they involved software vulnerabilities. At the time, Banxico requested that banks slow down transactions, such as debit card purchase approvals and electronic payments, which led to widespread delays (see Hackers Target 3 Mexican Banks' Real-Time Transfers).

Hackers' Interest In SPEI

Mexico's banking system apparently hasn't been targeted by cybercriminals in Asia or Russia, says Andrew Komarov, a threat intelligence researcher. That's likely because moving money internationally out of Mexico is difficult due to strict foreign exchange controls and extensive approval processes required to move money, he says. Such schemes would require an extensive in-country team, including money mules to withdraw fraudulent funds, he says.

Komarov says that late last year, hackers in underground online forums were seeking detailed documentation on how SPEI works, which would be an obvious first step in any effort to build compatible malware.

"It confirms there was interest in this banking system," he says, adding that the same kind of documentation was sought prior to a spate of attacks involving fraudulent SWIFT money-moving messages and against ATMs.

In January, Mexico's government-run export bank, Bancomext, was targeted by hackers, but it said no money was stolen. "Authorities have confirmed that the modus operandi of the alleged hackers is similar to intrusions that have occurred in other institutions in Mexico and Latin America," the bank reported.

Despite the report that there were no losses, Komarov says: "We know with high confidence the attack on Bancomext and recent events are closely related to each other and may be related to chain of targeted attacks against Mexican financial system."

Echoes of Fraud via SWIFT

The issues in Mexico follow a series of increasingly bold attacks by hackers against banks, particularly in locales where security measures may be weaker.

Attackers have sought to gain access to the SWIFT financial messaging software that's inside most banks and used to facilitate international transfers.

SWIFT faced a crisis after hackers in February 2016 attempted to steal $951 million from the New York Federal Reserve account of Bangladesh's central bank. The attackers exploited poor security controls and used malware to eventually steal about $81 million (see Bangladesh Bank Hackers Steal $100 Million).

Bangladesh is still trying to recover some of those funds, but they're likely gone for good, The New York Times recently reported.

Later that year, SWIFT tripled its security team and established a 24/7 operations center to better prepare itself for attacks upon its members. It also launched a campaign to bring its members up to speed on security best practices (see Security Investments Consume SWIFT's Profits).

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
